FireSIGHT eStreamer Integration Guide, page 3-44
Chapter 3      Understanding Intrusion and Correlation Data Structures
Understanding Series 2 Data Blocks
Beginning in version 4.10.0, the eStreamer service uses a second series of data blocks to package certain records such as intrusion event extra data. See for a list of all block types in the series. Series 2 blocks, like series 1 blocks, support variable-length fields and hierarchies of nested blocks. The series 2 block types include primitive blocks that provide the same mechanism for encapsulating nested inner blocks as the series 1 primitive block types. However, series 2 blocks and series 1 blocks use separate numbering systems.
The following example shows how primitive blocks are used. The list data block (series 2 block type 31) defines an array of operating system fingerprints, each of which is itself a variable-length type 87 block. The overall type 31 data block length is self-describing via the Data Block Length field, which contains the length of the data portion of the message, excluding the 8 bytes in the block type and block length fields.
Table 3-25      Event Defined Values (continued)

Description              Mask Value
Destination Criticality  0x00004000
Destination Port         0x00008000
Destination Server       0x00010000
Source User              0x00020000
Destination User         0x00040000
Byte          0               1               2               3
Bit           0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31
              +---------------------------------------------------------------+
              | List Data Block Type (2)                                      |
              +---------------------------------------------------------------+
              | Data Block Length                                             |
              +---------------------------------------------------------------+
Server        | Operating System Fingerprint Block Type (87)*                 |
Fingerprints  +---------------------------------------------------------------+
              | Operating System Fingerprint Block Length                     |
              +---------------------------------------------------------------+
              | Operating System Server Fingerprint Data...                   |
              +---------------------------------------------------------------+
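The nested layout above, as an added parsing example that is not code from the eStreamer guide or from Cisco: a consumer walks the type 31 list block and its nested type 87 fingerprint blocks, checking every length field against the bytes actually present so that a truncated or tampered length cannot push the reader outside the record. It assumes network byte order for the 4-byte type and length fields and takes the length semantics from the text (data portion only, excluding the 8-byte header); the sample bytes are constructed, not real eStreamer output.

```python
import struct

HEADER = struct.Struct(">II")  # block type, block length; big-endian assumed
LIST_BLOCK_TYPE = 31           # series 2 list block (from the text)
OS_FINGERPRINT_BLOCK_TYPE = 87 # series 2 operating system fingerprint block


def parse_block(buf, offset=0):
    """Read one series 2 block header at offset; return (type, payload, next_offset).
    The length counts only the data portion, excluding the 8-byte header, as the
    text states. Both checks reject lengths that run past the buffer."""
    if offset + HEADER.size > len(buf):
        raise ValueError("truncated block header at offset %d" % offset)
    block_type, length = HEADER.unpack_from(buf, offset)
    start = offset + HEADER.size
    end = start + length
    if end > len(buf):
        raise ValueError("block type %d claims %d data bytes, only %d remain"
                         % (block_type, length, len(buf) - start))
    return block_type, buf[start:end], end


def parse_list_block(buf):
    """Parse a type 31 list block; return the payload of each nested type 87 block."""
    block_type, payload, end = parse_block(buf, 0)
    if block_type != LIST_BLOCK_TYPE:
        raise ValueError("expected list block type 31, got %d" % block_type)
    if end != len(buf):
        raise ValueError("%d trailing bytes after list block" % (len(buf) - end))
    fingerprints, pos = [], 0
    while pos < len(payload):  # inner blocks are packed back to back
        inner_type, inner_payload, pos = parse_block(payload, pos)
        if inner_type != OS_FINGERPRINT_BLOCK_TYPE:
            raise ValueError("unexpected inner block type %d" % inner_type)
        fingerprints.append(inner_payload)
    return fingerprints


def is_well_formed(buf):
    """True if buf parses as a list block whose lengths all fit the record."""
    try:
        parse_list_block(buf)
        return True
    except ValueError:
        return False


def build_block(block_type, payload):
    """Encode a block: header followed by the data portion (length excludes header)."""
    return HEADER.pack(block_type, len(payload)) + payload


# Constructed sample: a list of two fingerprints of different lengths (not real data).
SAMPLE = build_block(LIST_BLOCK_TYPE, build_block(87, b"fp-one") + build_block(87, b"fingerprint-two"))
# Constructed tampered copy: the first inner length field claims 1000 data bytes.
TAMPERED = SAMPLE[:8] + HEADER.pack(87, 1000) + SAMPLE[16:]
```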